Edge Router X VPN Setup

I just spent the better part of 3 hours tracking down the CLI commands necessary to clear out any old VPN settings and set up just the L2TP VPN server on a Ubiquiti EdgeMAX device running firmware 1.7.1. I have gathered all of it in one place here for reference.

1.

Connect via SSH

Open either the web portal and click the CLI option (which does not allow you to paste) or, better yet, download PuTTY and connect over SSH.

2.

Show Running VPN Configurations

configure
# show l2tp config
show vpn l2tp
# show pptp config
show vpn pptp

3.

Delete VPN Configurations

configure
delete vpn pptp
delete vpn l2tp
delete vpn ipsec
commit
save

4.

L2TP Server Configuration

# change eth1 to whatever is the external interface port of the Edgemax
set vpn ipsec ipsec-interfaces interface eth1
set vpn ipsec nat-networks allowed-network 0.0.0.0/0
set vpn ipsec nat-traversal enable
set vpn l2tp remote-access authentication mode local

# Add local users for L2TP
set vpn l2tp remote-access authentication local-users username WhateverUserName password WhatEverUserPassword

# Set a range of IP addresses that are not being used by your LAN DHCP
set vpn l2tp remote-access client-ip-pool start 192.168.x.x
set vpn l2tp remote-access client-ip-pool stop 192.168.x.x

# Set the DNS servers to give out over DHCP for VPN Name Resolution
set vpn l2tp remote-access dns-servers server-1 192.168.x.x
set vpn l2tp remote-access dns-servers server-2 192.168.x.x

# Set the authentication mode for L2TP
set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret ThisIsYourLongPassword
set vpn l2tp remote-access ipsec-settings ike-lifetime 3600

# Set the l2tp listening address to the WAN IP and WAN Gateway
set vpn l2tp remote-access outside-address ThisIsYourWANIP
set vpn l2tp remote-access outside-nexthop ThisIsYourWAN-GW-IP

# Setting the MTU is optional, but I do it just in case clients end up on DSL or T1
set vpn l2tp remote-access mtu 1492

commit
save
exit

5.

Add The Firewall Rules For L2TP Traffic

Open your web browser of choice, enter the LAN IP of the EdgeMAX and log in to the portal.
Go to the Security tab and find WAN_Local under Firewall Rules.
Click Actions on the right and choose Edit Ruleset from the drop-down.
Add a new rule with the following settings:
Basic Tab:
Description = L2TP
Enable = Checked (true)
Action = Accept
Protocol = UDP
Choose the Destination Tab
Ports = 500,1701,4500 (no spaces)
Save
Add another rule in the ruleset:
Description = ESP
Enable = Checked (true)
Action = Accept
Protocol = Choose by name, then choose ESP
Save
Save again to exit the firewall settings
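Steps 4 and 5 together are easy to get subtly wrong when typed by hand (a client pool that overlaps the LAN DHCP scope, a mistyped WAN address, a short shared secret), so here is an added example, not from the original post, that builds the full command set from a handful of variables and refuses to emit anything until those inputs pass a check. The variable values are constructed placeholders; the ruleset name WAN_LOCAL and rule numbers 30 and 40 for the CLI form of the firewall rules are assumptions (the post refers to the ruleset as WAN_Local in the GUI).

```shell
#!/usr/bin/env bash
# Added example (not the post's own script): generate the EdgeOS 'set' lines
# for the L2TP/IPsec server (step 4) and the WAN_LOCAL firewall rules (step 5)
# from variables, validating them first. All values below are constructed
# placeholders; WAN_LOCAL and rule numbers 30/40 are assumptions.

WAN_IF="eth1"                  # external interface of the EdgeMAX
WAN_IP="203.0.113.10"          # constructed placeholder WAN address (TEST-NET-3)
WAN_GW="203.0.113.1"           # constructed placeholder WAN gateway
VPN_USER="vpnuser"
VPN_PASS="ChangeMe-Example-Pass"
PSK="ChangeMe-Example-Shared-Secret-At-Least-20-Chars"
POOL_START="192.168.1.200"     # L2TP client pool
POOL_STOP="192.168.1.220"
DHCP_START="192.168.1.100"     # LAN DHCP scope the pool must not overlap
DHCP_STOP="192.168.1.199"
DNS1="192.168.1.1"
DNS2="1.1.1.1"

# ip4_to_int: dotted quad -> integer, so address ranges can be compared.
# Assumes octets without leading zeros (no octal surprises in $(( ))).
ip4_to_int() {
  local IFS=.
  set -- $1
  echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# is_ip4: returns 0 if the argument is a syntactically valid IPv4 address
is_ip4() {
  local IFS=. o
  set -- $1
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    case $o in ''|*[!0-9]*) return 1 ;; esac
    [ "$o" -le 255 ] || return 1
  done
  return 0
}

# pool_ok START STOP DHCP_START DHCP_STOP: 0 when start <= stop and the
# client pool does not overlap the LAN DHCP scope
pool_ok() {
  local ps pe ds de
  is_ip4 "$1" && is_ip4 "$2" && is_ip4 "$3" && is_ip4 "$4" || return 1
  ps=$(ip4_to_int "$1"); pe=$(ip4_to_int "$2")
  ds=$(ip4_to_int "$3"); de=$(ip4_to_int "$4")
  [ "$ps" -le "$pe" ] || return 1
  # ranges are disjoint only if one ends before the other begins
  if [ "$pe" -lt "$ds" ] || [ "$ps" -gt "$de" ]; then return 0; fi
  return 1
}

# psk_ok: 0 when the pre-shared secret is at least 20 characters long
psk_ok() { [ "${#1}" -ge 20 ]; }

# l2tp_commands: print the step 4 'set' lines plus the CLI form of the two
# WAN_LOCAL rules from step 5 (UDP 500/1701/4500 and ESP)
l2tp_commands() {
  cat <<EOF
set vpn ipsec ipsec-interfaces interface $WAN_IF
set vpn ipsec nat-networks allowed-network 0.0.0.0/0
set vpn ipsec nat-traversal enable
set vpn l2tp remote-access authentication mode local
set vpn l2tp remote-access authentication local-users username $VPN_USER password $VPN_PASS
set vpn l2tp remote-access client-ip-pool start $POOL_START
set vpn l2tp remote-access client-ip-pool stop $POOL_STOP
set vpn l2tp remote-access dns-servers server-1 $DNS1
set vpn l2tp remote-access dns-servers server-2 $DNS2
set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret $PSK
set vpn l2tp remote-access ipsec-settings ike-lifetime 3600
set vpn l2tp remote-access outside-address $WAN_IP
set vpn l2tp remote-access outside-nexthop $WAN_GW
set vpn l2tp remote-access mtu 1492
set firewall name WAN_LOCAL rule 30 description L2TP
set firewall name WAN_LOCAL rule 30 action accept
set firewall name WAN_LOCAL rule 30 protocol udp
set firewall name WAN_LOCAL rule 30 destination port 500,1701,4500
set firewall name WAN_LOCAL rule 40 description ESP
set firewall name WAN_LOCAL rule 40 action accept
set firewall name WAN_LOCAL rule 40 protocol esp
EOF
}

# generate: validate the inputs, then print the command set; non-zero on error
generate() {
  is_ip4 "$WAN_IP" && is_ip4 "$WAN_GW" || { echo "bad WAN address or gateway" >&2; return 1; }
  pool_ok "$POOL_START" "$POOL_STOP" "$DHCP_START" "$DHCP_STOP" \
    || { echo "client pool is invalid or overlaps the LAN DHCP scope" >&2; return 1; }
  psk_ok "$PSK" || { echo "pre-shared secret is shorter than 20 characters" >&2; return 1; }
  l2tp_commands
}

generate
```

Run the script on any machine, paste its output into a `configure` session on the EdgeMAX, then `commit` and `save` as in the steps above. If the pool overlaps the DHCP scope or the secret is too short, nothing is printed and the exit status is non-zero, so a typo is caught before it reaches the router.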

6.

Configure Windows L2TP VPN

On the Windows box that needs to VPN into the Ubiquiti, create a new VPN connection using the wizard, then open ncpa.cpl and set the properties on the VPN connection. Specifically, three settings:
1 – On the Security tab of the VPN connection properties, change the type of VPN to Layer 2 Tunneling Protocol. Choose Advanced Settings right below that option and set the shared secret you used above when configuring the L2TP server.
2 – Under "Allow these protocols", choose Challenge Handshake Authentication Protocol (CHAP) and Microsoft CHAP Version 2 (MS-CHAP v2).
3 – Under the Networking tab, choose IPv4, then Advanced, and turn off "Use default gateway on remote network" so you can browse the internet locally while connected to the VPN.

7.

Test the connection

Enable the VPN connection, enter the username and password you created when setting up the local users on the Ubiquiti EdgeMAX box, and hit Connect. You should now be connected, but the tunnel will not come up until you ping across it or try to access resources on the LAN.

Conclusion

In conclusion, I found all the information in bits and pieces scattered across the internet, and the docs on the Ubiquiti wiki were incomplete.
Hopefully this will help anyone else who needs to configure a VPN on their Ubiquiti device.

Here is the actual script I used:

configure
set vpn ipsec ipsec-interfaces interface eth0
set vpn ipsec nat-networks allowed-network 0.0.0.0/0
set vpn ipsec nat-traversal enable
set vpn l2tp remote-access authentication mode local

# Add local users for L2TP
set vpn l2tp remote-access authentication local-users username Remote password f@stsigns613

# Set a range of IP addresses that are not being used by your LAN DHCP
set vpn l2tp remote-access client-ip-pool start 192.168.2.200
set vpn l2tp remote-access client-ip-pool stop 192.168.2.220

# Set the DNS servers to give out over DHCP for VPN Name Resolution
set vpn l2tp remote-access dns-servers server-1 192.168.1.1
set vpn l2tp remote-access dns-servers server-2 1.1.1.1

# Set the authentication mode for L2TP
set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret
set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret f@stsigns613
set vpn l2tp remote-access ipsec-settings ike-lifetime 3600

# Set the l2tp listening address to the WAN IP and WAN Gateway
set vpn l2tp remote-access outside-address 66.76.177.176
set vpn l2tp remote-access outside-nexthop 66.76.177.1

# Setting the MTU is optional, but I do it just in case clients end up on DSL or T1
set vpn l2tp remote-access mtu 1492
commit
save